k8s
gobomb opened this issue · comments
kubectl cluster-info dump | grep -m 1 service-cluster-ip-range
kubectl cluster-info dump | grep -m 1 cluster-cidr
网络调试镜像 praqma/network-multitool
国内Mirror sites
quay.io -> quay-mirror.qiniu.com
gcr.io -> gcr.azk8s.cn
cient-go 是从 k8s 代码中抽出来的一个客户端工具,Informer 是 client-go 中的核心工具包,已经被 kubernetes 中众多组件所使用。所谓 Informer,其实就是一个带有本地缓存和索引机制的、可以注册 EventHandler 的 client,本地缓存被称为 Store,索引被称为 Index。使用 informer 的目的是为了减轻 apiserver 数据交互的压力而抽象出来的一个 cache 层, 客户端对 apiserver 数据的 "读取" 和 "监听" 操作都通过本地 informer 进行。Informer 实例的Lister()方法可以直接查找缓存在本地内存中的数据。
Informer 的主要功能:
-
同步数据到本地缓存
-
根据对应的事件类型,触发事先注册好的 ResourceEventHandler
访问docker容器网络命名空间
pid=$(docker inspect -f '{{.State.Pid}}' ${container_id})
mkdir -p /var/run/netns/
ln -sfT /proc/$pid/ns/net /var/run/netns/[container_id]
ip netns exec [container_id] ip a
https://www.thegeekdiary.com/how-to-access-docker-containers-network-namespace-from-host/
Kubernetes uses the term list to describe returning a collection of resources to distinguish from retrieving a single resource which is usually called a get.
lever-base and edge-base
https://stackoverflow.com/questions/31041766/what-does-edge-based-and-level-based-mean
LowerDir: these are the read-only layers of an overlay filesystem. For docker, these are the image layers assembled in order.
UpperDir: this is the read-write layer of an overlay filesystem. For docker, that is the equivalent of the container specific layer that contains changes made by that container.
WorkDir: this is a required directory for overlay, it needs an empty directory for internal use.
MergedDir: this is the result of the overlay filesystem. Docker effectively chroot's into this directory when running the container.
https://zhuanlan.zhihu.com/p/59544387
tidb operator 如何使用优雅关闭
https://github.blog/2019-11-21-debugging-network-stalls-on-kubernetes/
Debugging network stalls on Kubernetes
https://www.bluematador.com/blog/kubernetes-deployments-rolling-update-configuration
stragegy 可设为 rollingupdate 或者 recreate
在给dockerd设置代理的情况下,要记得设置 Bypass proxy settings for these hosts & domains,否则push镜像时会报错:
error parsing HTTP 404 response body: unexpected end of JSON input: ""
https://mp.weixin.qq.com/s/-Kau28Q5y23GyGWECWlhVg
client-go 中 index 相关源码
openshift v2.11.0+1cd89d4-542
kubernetes v0.11.0+d4cacc0
openshift 在发布deployment时,默认会给pod加node-role.kubernetes.io/compute=true的nodeselector使得pod调度到计算节点上。
可修改namespace的annotation,覆盖默认nodeselector:oc annotate --overwrite namespace default openshift.io/node-selector='region=infra'
https://zhuanlan.zhihu.com/p/37217575
写了类似的bug,难怪每次报错:
Status:Failure,Message:The resourceVersion for the provided watch is too old.,Reason:Expired,Details:nil,Code:410,}
https://mp.weixin.qq.com/s/jWH7jVxj20bmc60_C-w9wQ
patch 和 update
用dlv调试容器内go进程
dlv attach $(pidof $YOURPOCESS) $(docker inspect -f '{{.GraphDriver.Data.MergedDir}}{{.Path}}' $CONTAINERID)
$YOURPOCESS 为进程名
$CONTAINERID 为容器ID
crd定义yaml中设置kubectl能够显示的列
spec:
additionalPrinterColumns:
- JSONPath: .status.phase
name: State
type: string
- JSONPath: .metadata.creationTimestamp
name: CreateTime
type: string
group: cloudapp.cloudtogo.cn
names:
.....
https://blog.csdn.net/u013276277/article/details/103404653
client-go watch 返回的 chan 被关闭问题
https://mp.weixin.qq.com/s/jWH7jVxj20bmc60_C-w9wQ
k8s update与apply